> By the way, if anyone is interested, that article on the Untangle
> comparative I mentioned is at:
> http://www.smallblue-greenworld.co.uk/AV_comparative_guide.pdf

Very interesting, David.

The point about the sample size and the curious and significant fact
that "WatchGuard, which uses the ClamAV engine, nevertheless failed
to detect anything but the EICAR test file" would be enough to ring
alarm bells on their own. I recall both points from just skimming a
thread about this "test" at Slashdot. But there's so much more here.

This staggered me:

"Subsequent discussions indicated that they were simply acquired from
darkside web sites or the tester's own mailbox ..."

If the latter, that makes the process circular and pretty much
worthless, since he was presumably finding them -- and perhaps _not_
finding others -- in his mailbox with one of the products he was
later testing against.

The University of Utah had a comparative study, testing against
Office macro viruses, using a much larger sample, and in that test
ClamXAV performed notably badly:

That was quite some while ago (2003 by the looks) and maybe it's more
effective now. Still, a sample of 18 (or whatever -- there seems to
be doubt even here) combined with all the other inadequacies in the
test doesn't exactly restore confidence.